Log files?

Dirk Beerbohm

July 19, 2020 17:38

Hello,

does "Firewalla Gold" logs it's actions, etc. in log files on the file system.

I would like to collect them and send it to a Splunk system for monitoring, analysis.

Comments

42 comments

Chris Hewitt

January 18, 2022 11:21

Edited
@Scott Copeland

I think you are being a bit rough on the Firewalla team. This team has been working flat out for a few years at this point. They haven’t just created a startup with a new product and supporting software, they have come up with five new hardware products. They have implemented a lot of our requested features. I am sure they have a backlog they groom daily and prioritize based on market need the what addresses the broadest customer wants.

Those on this thread are certainly on the long tail.

Check out our other posts, we’ve been sending to Splunk, and for awhile ELK as well, so as-is it can be done. If you’re using security onion you shouldn’t have any trouble sending Firewalla logs to it.
0

Comment actions Permalink
JB

April 28, 2022 12:45
Agree with everybody here. This is marketed as a prosumer product and should have these features. Thanks for the support!
0

Comment actions Permalink
Firewalla

April 28, 2022 16:01
see if this fit what you need https://help.firewalla.com/hc/en-us/articles/5345330648083-MSP-API-Getting-Started-
0

Comment actions Permalink
Shane Lord

May 20, 2022 12:24

Edited
If you’re trying to lower the associated MSP portal infra costs for AWS, why don’t you use Linode instead. Much less expensive.

https://www.linode.com/aws-vs-linode/
0

Comment actions Permalink
Firewalla

May 20, 2022 18:07
Unfortunately, we are married to aws, which is a good thing and a bad thing.
0

Comment actions Permalink
Michael Bierman

June 24, 2022 17:42
For those who may want to set up syslog with Firewalla this script may be helpful.

https://gist.github.com/mbierman/f3d184b65e0f4de6fa75a4a5d5145426
0

Comment actions Permalink
seanchiggins

July 24, 2022 20:01
Hello,

I am new to Firewalla and was looking at the information here and wondered, why not just create a rsyslog configuration file like /etc/rsyslog.d/45-current.conf, which contains:
```
 module(load="imfile" PollingInterval="10")
input( type="imfile" File="/log/blog/current/*.log" Tag="current-log" Severity="error" Facility="local7")
if $syslogtag contains "current-log" then {
  action(type="omfwd" target="192.168.x.x" port="514" protocol="tcp"
            action.resumeRetryCount="100"
            queue.type="linkedList" queue.size="10000")
  stop
}
```
This takes all the log files in /log/blog/current and forwards them to the target host.

Once you add this file, you run:
```
sudo systemctl restart rsyslog
```
I do not know if this file will survive an update to Firewalla, but it works on my Firewalla Purple right now.
0

Comment actions Permalink
seanchiggins

August 07, 2022 16:35
Ok, after some experimentation, the first line in /etc/rsyslog.d/45-current.conf should be:
```
module(load="imfile" Mode="polling" PollingInterval="5")
```
0

Comment actions Permalink
Michael Bierman

August 07, 2022 20:51
Hey Sean,

You can make this persistent like so: gist.github.com/mbierman/f3d184b65e0f4de6fa75a4a5d5145426
1

Comment actions Permalink
seanchiggins

August 14, 2022 16:35
Thanks Michael!
1

Comment actions Permalink
webadmin

March 06, 2023 21:32
Check

/var/log/syslog

They are backed up from previous into syslog.1.gz syslog.2.gz etc.
0

Comment actions Permalink
Alasdair Grant

October 31, 2023 12:51
Did this ever ever get addressed by the developers? I see some people have an rsyslog option, that could work but I'd rather the machine handle it and have the option to export/forward logs in OCSF format if possible.
1

Comment actions Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?